
Domain Team Recommendations Improve NIH External

October 12, 2007

The Technology Transformation segment of the Enterprise Architecture (EA) Program Plan focuses on initiatives that enable NIH to transition from the “as-is” to the planned “to-be” architecture. One current Technology Transformation initiative is the coordination of Identity Management solutions across NIH. The Office of the Chief IT Architect (OCITA) has a long-range goal to register people both within and outside the NIH and to grant them access to appropriate systems.

NIH External is the current external directory Active Directory (AD) solution at NIH, established in 2005. This solution provides authentication and authorization to non-NIH-affiliated staff who need access to NIH applications and data for collaboration. NIH External addresses the NIH business need for external users to access NIH systems and provides a path forward in meeting OCITA’s long-range Identity Management goal.

The Enterprise Messaging and Infrastructure Branch (EMIB) within the Center for Information Technology (CIT) operates and maintains NIH External, which allows users to engage in the following types of activities with external parties:

  • Collaboration
  • Document management and sharing
  • Extramural programs
  • Participation in studies


External Directory Domain Team

After EMIB established NIH External in 2005, OCITA commissioned an External Directory Domain Team to document the existing technical solution, develop NIH External Directory Business Process Models, and determine data requirements for the directory. The primary purpose of the Domain Team was to make recommendations that addressed NIH business needs around external user authentication and authorization while ensuring the appropriate controls to protect the NIH environment and data. After a series of meetings, the Domain Team released the NIH External Directory Final Report, which recommended several changes to improve and enhance NIH External:

  • Build a web application system to facilitate the processes
  • Create standardized risk assessment templates for projects to follow
  • Utilize a secure system to store and update information for users


External Directory Domain Team Recommendation Implementation

Since the External Directory Domain Team concluded, EMIB has addressed many of the recommendations of the Domain Team. The team created an NIH External Active Directory website and published workflow documentation in order to clarify the process for existing External customers and for potential collaborators. The most recent enhancement to NIH External’s service offering is the establishment of a self-service External Active Directory Account Request area of the NIH External website. This service allows potential collaborators to enter personal data directly into the system. Once the new user enters personal information, the project owner is notified, and, upon approval, the account is created automatically. In addition to these enhancements to NIH External, EMIB has completed the following in response to the Domain Team recommendations:

  • Documented a standardized Service Level Agreement (SLA) format.
  • Documented the identity validation levels necessary for the collaboration project or task. In accordance with the Domain Team recommendations, EMIB defined a set of NIH External roles and responsibilities and used these roles for participant identity verification and audits.
  • Developed an External Active Directory Project Application webpage to assist current and potential collaboration project owners.
  • Provided a web tool for project owners or project administrators to create a project user account in a standardized way. Using the web tool, the project owner has full control over the membership of this group and is able to add, delete, and manage existing External accounts.


Future Plans

NIH External remains an integral part of NIH’s future external authentication solution. In the future, EMIB plans to pursue a partnership with an outside vendor who can supply identity verification, and to upgrade security enhancements in order to increase the level of identity validation for external users. For additional information or to contact the NIH External Team at EMIB, please visit http://external.cit.nih.gov.

Last Updated: October 12, 2007